Episode 34
Detecting Malicious Insider Threats by Monitoring User Journeys
Insider threats are often considered the biggest risk for organizations because they can cause the most destruction. Survey reports, and studies, have found that organizations have spent millions of dollars to recover from insider threat attacks. Proactively detecting and thwarting such threats is a critical aspect of robust information security governance. Doron Hendler, CEO, and Co-Founder at RevealSecurity, sheds light on a context-based detection model that analyzes activity sequences performed when using an application. According to Doron, this User Journey Analytics method is a ubiquitous detection model that can be applied to any SaaS and custom-built application. Since no rules are required, it eliminates the need to fully understand the application business logic.
Time Stamps
First, let's talk about your professional journey before we get into the details of insider threats, detection challenges, and solutions.
Doron, would you like to add to the reasons why we are having this discussion?
So, Doron, going back to monitoring using technology, share with the listeners what was the traditional method, what were some of the weaknesses of the traditional method, and what you and your company are offering by way of your platform.
So given this move to these more advanced, more sophisticated solutions, for folks who are listening in on this conversation, CISOs of companies who have the authority to make purchasing decisions, how do they go about evaluating the different products out there? What should they be looking for in terms of what would work best for their context for their environment? Any advice? Any suggestions?
What could be possible shortcomings of the user journey analytics approach?
If a company was going to adopt this (User Journey Analytics) technology platform, what kind of changes does it require? From a change management standpoint, what should an organization be prepared for?
When the user journey is different from the normal user journey, let's say abnormal user journeys are detected, how does the alert system work? Who is alerted? And is there a way of capturing or documenting whether organizations respond to those alerts?
How do you convince a potential buyer or potential customer to adopt this new technology solution? What does it take to convince them? What have you experienced when you have engaged with prospective customers? What are their concerns when they're evaluating such platforms?
I'd like to give you the opportunity to wrap it up for us with some final thoughts and advice.
Memorable Doron Hendler Quotes/Statements
"The highest risk in today's organizations, in our digital transformation, is our identities."
"If you cannot trust anyone, you have to monitor, you have to track, and you have to learn how to do this quickly, accurately, and automatically."
"Today's solution around detections, which are based on rules, basically provide very, very limited, ineffective detection, in the application layer."
"Accuracy comes with context, if you understand the context, you will have much better accuracy."
"This technology will offer a solution which is frictionless, that doesn't require major (organizational) changes or any changes."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
Transcript
Welcome to the Cybersecurity Readiness Podcast
Introducer:series with Dr. Dave Chatterjee. Dr. Chatterjee is the author of
Introducer:the book Cybersecurity Readiness: A Holistic and
Introducer:High-Performance Approach, a SAGE publication. He has been
Introducer:studying cybersecurity for over a decade, authored and edited
Introducer:scholarly papers, delivered talks, conducted webinars and
Introducer:workshops, consulted with companies and served on a
Introducer:cybersecurity SWAT team with Chief Information Security
Introducer:officers. Dr. Chatterjee is Associate Professor of
Introducer:Management Information Systems at the Terry College of
Introducer:Business, the University of Georgia. As a Duke University
Introducer:Visiting Scholar, Dr. Chatterjee has taught in the Master of
Introducer:Engineering in Cybersecurity program at the Pratt School of
Introducer:Engineering.
Dr. Dave Chatterjee:Hello, everyone, I'm delighted to
Dr. Dave Chatterjee:welcome you to this episode of the Cybersecurity Readiness
Dr. Dave Chatterjee:Podcast Series. Our discussion today will revolve around
Dr. Dave Chatterjee:insider threats, and how to proactively detect and thwart
Dr. Dave Chatterjee:this form of malicious attack. I'm indeed fortunate, in fact,
Dr. Dave Chatterjee:we are fortunate to have with us Mr. Doron Hendler, CEO and
Dr. Dave Chatterjee:Co-Founder of RevealSecurity. Welcome Doron!
Doron Hendler:Hello, welcome. Hi, Dave, thank you for inviting
Doron Hendler:me.
Dr. Dave Chatterjee:Sure, sure. Looking forward to learning a
Dr. Dave Chatterjee:lot from you about your journey. So let's do that first. Let's
Dr. Dave Chatterjee:talk about your professional journey before we get into the
Dr. Dave Chatterjee:details of insider threat, detection challenges, and
Dr. Dave Chatterjee:solutions.
Doron Hendler:So I'm in the High Tech for more than 30 years
Doron Hendler:doing different types of journeys in different
Doron Hendler:industries, different skills. Basically, I've done business
Doron Hendler:and traveling from almost Australia to Brazil and did
Doron Hendler:businesses across companies, across industries, in different
Doron Hendler:geographies. And I was fortunate to get into RevealSecurity
Doron Hendler:mainly because, a few years ago, I was a social engineer, then by
Doron Hendler:mistake, I was hacked by somebody that called me and by
Doron Hendler:mistake, I made a terrible mistake by not notice that
Doron Hendler:somebody is social engineering me and I consider myself as a
Doron Hendler:sophisticated user. And when I called to this insurance company
Doron Hendler:that I realized that I've been hacked, I told them what
Doron Hendler:happened. And I asked them to basically close my online portal
Doron Hendler:and credentials and reset my credentials. And they did so.
Doron Hendler:And when I spoke to the CISO, she was telling me that I don't
Doron Hendler:have to be worried. And I asked her why. And she said, because
Doron Hendler:it happens to so many different people, even the sophisticated
Doron Hendler:one, and I asked her how come you don't have any technology
Doron Hendler:solution in place that can detect that somebody is
Doron Hendler:basically impersonating and doing malicious activities on my
Doron Hendler:behalf on my name. And she said that they do have technology,
Doron Hendler:however, it takes them forever to detect and once they detect
Doron Hendler:it's already weeks after the incidents, and it's not
Doron Hendler:accurate. And it's it's it's a problem. And when I heard that
Doron Hendler:this is a problem, I thought to myself, alright, this is an
Doron Hendler:opportunity. And this is how we started RevealSecurity. David
Doron Hendler:and myself, my co-founder and partner along alongside with
Doron Hendler:Adi, who is System Architect.
Dr. Dave Chatterjee:Fantastic. So that's great that you
Dr. Dave Chatterjee:experienced something which motivated you to address a need.
Dr. Dave Chatterjee:And I can't emphasize enough how important it is to develop
Dr. Dave Chatterjee:solutions, whether that involves a specific technology, process,
Dr. Dave Chatterjee:people, whatever that might be, because we could do with all the
Dr. Dave Chatterjee:help that's necessery. I'd like to give the listeners a little
Dr. Dave Chatterjee:bit of a background on insider threats, and then I'll turn it
Dr. Dave Chatterjee:over to you because you are the expert here. So, as our
Dr. Dave Chatterjee:listeners must be aware, insider threats are often considered the
Dr. Dave Chatterjee:biggest risk for organizations because they can cause the most
Dr. Dave Chatterjee:destruction. In fact, survey reports, studies, have found
Dr. Dave Chatterjee:that organizations have had to spend millions of dollars to
Dr. Dave Chatterjee:recover from insider threat attacks. And if you think of
Dr. Dave Chatterjee:some of the well known attacks, probably the GE attack will come
Dr. Dave Chatterjee:to mind, where employees stole trade secrets to gain a business
Dr. Dave Chatterjee:advantage. Then we are also very familiar with the Capital One
Dr. Dave Chatterjee:breach, which happened in 2019, which was carried out by a
Dr. Dave Chatterjee:former software engineer from Amazon Web Services, which was
Dr. Dave Chatterjee:basically the hosting company for Capital One. I also was
Dr. Dave Chatterjee:intrigued to read about a disgruntled employee who was
Dr. Dave Chatterjee:able to gain access to Tesla CEO Elon Musk's privileges to make
Dr. Dave Chatterjee:direct code changes to the Tesla manufacturing operating system
Dr. Dave Chatterjee:under false usernames and exporting large amounts of
Dr. Dave Chatterjee:highly sensitive Tesla data to unknown third parties. So these
Dr. Dave Chatterjee:are very concerning. Doron, would you like to add to the the
Dr. Dave Chatterjee:reason why we are having this discussion?
Doron Hendler:So rightfully said Dave, the highest risk in
Doron Hendler:today's organizations in our digital transformation is our
Doron Hendler:identities. So in many of the cases, we're moving from known
Doron Hendler:people that work in the office on a day to day basis, to
Doron Hendler:identity, digital identities, this is a digital world. And the
Doron Hendler:ability to actually understand who does what in our corporate
Doron Hendler:business application is one of the major challenges in today's
Doron Hendler:world. Because once you move to the cloud, once you move to SAS,
Doron Hendler:it's it's all about you and the application and what you do. If
Doron Hendler:you connect more applications from a marketplace, then
Doron Hendler:basically you enrich the connectivity and data and flows
Doron Hendler:and activities between applications, and the one that
Doron Hendler:knows all of our all of our secrets, and all of our
Doron Hendler:solutions that basically should protect ourselves, are the
Doron Hendler:people that have the privileges and the ones that that actually
Doron Hendler:knows, and protect us, I like to give this analogy for the guard
Doron Hendler:that basically sits and in the entrance of many offices, this
Doron Hendler:guard knows about all the alarm systems, and all the checkups,
Doron Hendler:and all the procedures in order to do this monitoring. But what
Doron Hendler:happens if we cannot trust this guard? What happens if this
Doron Hendler:guard is doing malicious activity? How would you if you
Doron Hendler:cannot trust this guy? And at the end, people say, okay, but
Doron Hendler:are you monitoring your internal employees? Are you monitoring
Doron Hendler:your partners? So now I'm trusting my systems to basically
Doron Hendler:monitor privileged accounts and accounts and actions. And I'm
Doron Hendler:looking for anomalies because I want to protect the company, I
Doron Hendler:want to protect our business, collectively, me as a security
Doron Hendler:officer or, or as an executive. And one of the challenges is if
Doron Hendler:you cannot trust no one, and you have to monitor and you have to
Doron Hendler:track and you have to learn how do you do this quickly,
Doron Hendler:accurately and automatically.
Dr. Dave Chatterjee:True, very true. And you mentioned trust,
Dr. Dave Chatterjee:and hope you will agree that we are moving in the direction of
Dr. Dave Chatterjee:Zero Trust, that yes, we should be trusting people who are
Dr. Dave Chatterjee:working for an organization who are loyal to the organization or
Dr. Dave Chatterjee:holding responsible positions. But there is enough evidence to
Dr. Dave Chatterjee:suggest that things happen in people's lives, people get
Dr. Dave Chatterjee:fired, people have tough economics times, which often
Dr. Dave Chatterjee:serve as a motivator to engage in disruptive acts. So
Dr. Dave Chatterjee:therefore, it is imperative that organizations arm themselves for
Dr. Dave Chatterjee:lack of a better word with the best possible solution,
Dr. Dave Chatterjee:technology solution, which will do the work for them, whereby
Dr. Dave Chatterjee:everybody is being monitored. So there is no discrimination of
Dr. Dave Chatterjee:any sorts, where technology is being used to monitor, carefully
Dr. Dave Chatterjee:monitor. So, Doron, going back to monitoring using technology,
Dr. Dave Chatterjee:share with the listeners, what was the traditional method, what
Dr. Dave Chatterjee:were some of the weaknesses of the traditional method, and what
Dr. Dave Chatterjee:you and your company are offering by wave of your
Dr. Dave Chatterjee:platform.
Doron Hendler:So today's detection technology,
Doron Hendler:predominantly, in the application space, I would say
Doron Hendler:based on rules. Now rules are were set and developed mainly
Doron Hendler:around patterns and scenarios, which have been identified, that
Doron Hendler:been identified by the corporate in the business as things that
Doron Hendler:you should not do or users should not do. So there were
Doron Hendler:listing all the things that people should not do. And if
Doron Hendler:they are doing this, the rule will flag it. The challenge with
Doron Hendler:this is that there is a limit to what we as human beings can
Doron Hendler:think of, of what potential scenarios may happen because
Doron Hendler:there is a limit, and you may skip some, one, few. And also
Doron Hendler:this approach of us thinking of what potentially may happen, is
Doron Hendler:not scalable across so many different applications? And
Doron Hendler:today, in our digital world, where applications are a click
Doron Hendler:away and you can adapt new system, new CRM, new SAP, a new
Doron Hendler:ERP system and so forth, many of the applications are only a
Doron Hendler:click away. How can you imagine that you will know the business
Doron Hendler:logic and the patterns of what can be done or what should not
Doron Hendler:be done across so many different applications. So the current
Doron Hendler:solution, today's solution around detections, which are
Doron Hendler:based on rules, basically provide very, very limited,
Doron Hendler:ineffective detection, in the application layer. Also, it's
Doron Hendler:not accurate, which means it generates very high number of
Doron Hendler:false positives. So you need much more, many more people to
Doron Hendler:go through this alerts to understand if these things
Doron Hendler:really happened. So you have to separate and identify the false
Doron Hendler:positive and, and the real incidents. So the industry have
Doron Hendler:moved into a much more accurate detection, which is based on
Doron Hendler:context. Just to give you an example, one of the first
Doron Hendler:companies that was thinking in moving into a sequence in
Doron Hendler:context was Cisco, when they introduced NetFlow. NetFlow was
Doron Hendler:one of the first product in the market that Cisco introduced,
Doron Hendler:that was actually doing the shift from analyzing single
Doron Hendler:activity single packet into a sequence of packets. Why,
Doron Hendler:because Cisco was saying accuracy comes with context, if
Doron Hendler:you will understand the context, you will have much better
Doron Hendler:accuracy. The same things happens also, with end-points.
Doron Hendler:Detection started with antiviruses, and slowly moved
Doron Hendler:into EDR, extended detection response, looking into
Doron Hendler:processes, into flows. So we at RevealSecurity was following
Doron Hendler:that trends and developing what we call user journey analytics
Doron Hendler:in the application. So we actually monitoring the journeys
Doron Hendler:in the activity, the sequences of who does what in the
Doron Hendler:applications and using or developed based on our very
Doron Hendler:unique machine learning unsupervised clustering engine,
Doron Hendler:we are able to differentiate and learn per user multiple behavior
Doron Hendler:profiles, it's normal behavior profiles. And if something
Doron Hendler:different happens, we can flag it and say, hey, there is
Doron Hendler:something different here from your normal activities. And then
Doron Hendler:you can investigate quickly and accurately why what was the
Doron Hendler:reason for that? So moving from all traditional context into
Doron Hendler:journeys, context, user journeys analytics, it's actually brings
Doron Hendler:a totally new dimension of very accurate detections or reducing
Doron Hendler:the signal to noise ratio, as we like to say, automatically and
Doron Hendler:quickly. And that's, that's the name of the game around
Doron Hendler:detection. And that's what is needed today.
Dr. Dave Chatterjee:Very interesting. So essentially, if
Dr. Dave Chatterjee:I could summarize what you said, that there is a clear move from
Dr. Dave Chatterjee:user behavior analytics to user journey analytics. Rule based
Dr. Dave Chatterjee:solutions, don't work, statistical analysis to augment
Dr. Dave Chatterjee:rule based solutions are also found to be not very effective.
Dr. Dave Chatterjee:Very interesting. So given this move to these more advanced,
Dr. Dave Chatterjee:more sophisticated solutions, for folks who are listening in
Dr. Dave Chatterjee:on this conversation, CISOs of companies who have the authority
Dr. Dave Chatterjee:to make purchasing decisions. How do they go about evaluating
Dr. Dave Chatterjee:the different products out there? What should they be
Dr. Dave Chatterjee:looking for, in terms of what would work best for their
Dr. Dave Chatterjee:context for their environment? Any advice? Any suggestions,
Doron Hendler:The best advice I can give your listeners is they
Doron Hendler:have to try it. So analytics and machine learning, it's a lot of
Doron Hendler:trial and errors. It's a lot of mathematics, it doesn't work on
Doron Hendler:every scenario on every applications. And my
Doron Hendler:recommendation and my advice is that you should be able to try.
Doron Hendler:Once you try this, some of the success criteria can be the
Doron Hendler:number of false positives, number of false negatives, how
Doron Hendler:accurate, how easy it is to investigate, can it be applied
Doron Hendler:to any application or specific application, can it be applied
Doron Hendler:to situations that you have between applications, for
Doron Hendler:example, today, you have identity providers, like Single
Doron Hendler:Sign On providers and then you move to another applications how
Doron Hendler:you can call it all of the sequences between the
Doron Hendler:application, how do you how do you analyze all of this journey?
Doron Hendler:So, trying, understanding, and analyzing the results are my my
Doron Hendler:advice to many of the listener, that they need to try this they
Doron Hendler:need to see actually how system is working and then come to the
Doron Hendler:conclusion what works for them best.
Dr. Dave Chatterjee:Very good, very good! Now, you mentioned
Dr. Dave Chatterjee:about use of machine learning to analyze to monitor analyze user
Dr. Dave Chatterjee:journeys. Now, we all know that even machine learning is an
Dr. Dave Chatterjee:evolving technology and the effectiveness of machine
Dr. Dave Chatterjee:learning techniques and outcomes depends on gathering good
Dr. Dave Chatterjee:quality data. So there are there are challenges with the machine
Dr. Dave Chatterjee:learning approach. So given that, just like you said, the
Dr. Dave Chatterjee:user behavior analytics approach has shortcomings, what could be
Dr. Dave Chatterjee:possible shortcomings of the user journey analytics approach.
Doron Hendler:So the user journey analytics in the end,
Doron Hendler:it's very much relies on the fact that you have a journey.
Doron Hendler:Sometimes in some applications, for example, transferring money,
Doron Hendler:if you transfer from money from point A to point B, there is no
Doron Hendler:journey, there is no process. Then you need to apply a
Doron Hendler:different modeling, a supervised modeling, like what like in the
Doron Hendler:industry. So user journey analytics, it's applicable to
Doron Hendler:application that has process, that there are different
Doron Hendler:options. So the user has different journeys in different
Doron Hendler:application, even if for the same application, you can, you
Doron Hendler:may do different things in different ways. And if it's
Doron Hendler:based that the user has a variety of options to do
Doron Hendler:different things. So user journey analytics is applicable
Doron Hendler:for cases and use cases where there are processes. Once you
Doron Hendler:have a process, it means that you have a sequence, sequence of
Doron Hendler:activities, sequence of activity represent a journey. And this is
Doron Hendler:something that with the right machine learning and clustering
Doron Hendler:that is able to cluster based on similarity, similar sessions,
Doron Hendler:then technology like this can be very, very effective. It has its
Doron Hendler:own challenges, because clustering needs data to be
Doron Hendler:accurate. And this is exactly one of the challenges in the
Doron Hendler:industry. Not all the clusters or the unsupervised clustering
Doron Hendler:engine are good for such scenarios. So my recommendation
Doron Hendler:is to find the company that really developed a dedicated
Doron Hendler:custom built dedicated clustering engine for security
Doron Hendler:purposes. And not using off-the-shelf or open source
Doron Hendler:solutions, as opposed to developing a dedicated
Doron Hendler:mathematical clustering engine that is able to cluster a high
Doron Hendler:number of data points or sequences accurately,
Doron Hendler:automatically, with zero configuration, that itself all
Doron Hendler:this profile by itself, self learning, and continuously
Doron Hendler:updating the profiles or creating new profiles as data
Doron Hendler:comes in. And that's the important, build an accurate
Doron Hendler:automatic machines that can save you money, time and effort.
Dr. Dave Chatterjee:Right, right. So another question that
Dr. Dave Chatterjee:comes to mind. When organizations adopt a new
Dr. Dave Chatterjee:technology, a new technology platform, it's not if one can
Dr. Dave Chatterjee:assume that, yeah, I've adopted it, I'm going to see results,
Dr. Dave Chatterjee:the organization also has to be prepared has to make certain
Dr. Dave Chatterjee:adjustments to the way they operate, whether it's from a
Dr. Dave Chatterjee:process context, from a people context, or from the existing
Dr. Dave Chatterjee:technologies, how they interface with the new technology
Dr. Dave Chatterjee:platform. So the organization has to make some adjustments. So
Dr. Dave Chatterjee:if if a company was going to adopt this technology platform
Dr. Dave Chatterjee:this, which provides these user journey analytics, what kind of
Dr. Dave Chatterjee:changes does it require? Like from a change management
Dr. Dave Chatterjee:standpoint, what should an organization be prepared for?
Dr. Dave Chatterjee:Does that make sense?
Doron Hendler:I have to say this Dave, my recommendation is
Doron Hendler:that technology will adapt itself for the organization,
Doron Hendler:because the probability that the organization will change for
Doron Hendler:specific technology is slim. So one of the requirements is that
Doron Hendler:this technology will offer a solution which are friction,
Doron Hendler:frictionless, that doesn't require major changes or any
Doron Hendler:changes. So, to my point of view, that's that's my
Doron Hendler:recommendation. Because expecting a very large
Doron Hendler:enterprise, I don't know with the 5000, 10,000 and sometime
Doron Hendler:50,000 people organization, to change in order to implement the
Doron Hendler:chances that this project will be successfully are very slim.
Doron Hendler:Therefore, if you adopt such a technology, the technology needs
Doron Hendler:to be designed in a way that it will not interrupt with the day
Doron Hendler:to day processes and will be adopted to observe them as they
Doron Hendler:are and come up with the insights automatically and
Doron Hendler:accurately.
Dr. Dave Chatterjee:Okay, that's good to know. So
Dr. Dave Chatterjee:essentially, what you're saying is, the adoption and
Dr. Dave Chatterjee:implementation of such a platform should be fairly
Dr. Dave Chatterjee:smooth, should not should not interrupt existing operations.
Dr. Dave Chatterjee:Well, that's, that's very good to know. Another aspect when
Dr. Dave Chatterjee:there is a detection of anomalous behavior, when the
Dr. Dave Chatterjee:user journey is different from the normal user journey, let's
Dr. Dave Chatterjee:say abnormal user journeys are detected. How does the alert
Dr. Dave Chatterjee:system work? Who is alerted? And is there a way of capturing or
Dr. Dave Chatterjee:documenting whether organizations are responding to
Dr. Dave Chatterjee:those alerts
Doron Hendler:When a sequence is being detected, there's an
Doron Hendler:anomaly, an alert is being sent to the SOC (Security Operations
Doron Hendler:Center) and being investigated by the analyst. Right. And then
Doron Hendler:they have to, they can follow a procedure. For example, if this
Doron Hendler:is a very high risk in a very high sensitive, sensitive
Doron Hendler:application, the procedure may be in a way that you basically
Doron Hendler:trigger another OTP (One-Time-Password) to the user.
Doron Hendler:And that's maybe something that the user need to confirm that he
Doron Hendler:is the user. And that he owns the device, because he's making
Doron Hendler:a sequence which is very sensitive, relates to
Doron Hendler:potentially money transfer. And because of that, you may decide
Doron Hendler:that the procedure will be sending another OTP, or a text
Doron Hendler:or something else. So there are different ways to do this. Now,
Doron Hendler:if you want to basically investigate, so you can, you can
Doron Hendler:also integrate into SOAR (security orchestration,
Doron Hendler:automation and response) system and suspend the user, hold the
Doron Hendler:users, quarantine the user not approving the transaction. So
Doron Hendler:there are many, many, many different ways that you need to
Doron Hendler:investigate and the classical way, the simplest way that I see
Doron Hendler:we see many organization in a way that you basically contact
Doron Hendler:this individual. And you ask him, why have you done this or
Doron Hendler:whether you have done this this sequence. And in many of the
Doron Hendler:cases, I have to say that internal consultants outsourcing
Doron Hendler:and then internal employees are also trying the system, they're
Doron Hendler:trying to see if there is some something or someone or some
Doron Hendler:technology that actually monitoring their behavior. So I
Doron Hendler:like to say also on going back to the guard at the entrance,
Doron Hendler:when you come in the morning, you see the guard, you tell the
Doron Hendler:guard, good morning, you trust him, he protect you, he is
Doron Hendler:monitoring who comes in and out. Also me as an employee, I trust
Doron Hendler:my security, infrastructure, security technology, that it
Doron Hendler:will protect me and make sure that I'm not going to be abused.
Doron Hendler:So nobody will steal my credentials. Or if somebody will
Doron Hendler:do a malicious activity that will hurt the organization, it
Doron Hendler:will be detected. So this is some of the thoughts that I have
Doron Hendler:on this point.
Dr. Dave Chatterjee:Yeah, makes sense. And just since he used a
Dr. Dave Chatterjee:couple of acronyms, SOC stands for security operations center,
Dr. Dave Chatterjee:and OTP stands for One-Time-Password. And if
Dr. Dave Chatterjee:there's anything else that comes up, we'll clarify as we go
Dr. Dave Chatterjee:along. But yeah, that makes a lot of sense. In fact, the
Dr. Dave Chatterjee:reason I asked that question Doron, in my work, when I do
Dr. Dave Chatterjee:research, when I consult with companies, I often come across
Dr. Dave Chatterjee:instances where their processes for quickly reacting to the
Dr. Dave Chatterjee:threat alerts and doing the due diligence is often slack, is
Dr. Dave Chatterjee:often sloppy. That's why I posed the question, but I totally
Dr. Dave Chatterjee:understand from where you're coming. Another kind of a
Dr. Dave Chatterjee:reaction to what you were saying is, in the world of security,
Dr. Dave Chatterjee:the perspective on security varies from organization to
Dr. Dave Chatterjee:organization. Some organizations are more skeptical than others,
Dr. Dave Chatterjee:when it comes to trying new solutions, because they feel
Dr. Dave Chatterjee:Yeah, we will spend money, we are not sure we will see the
Dr. Dave Chatterjee:ROI. So when you are talking about a solution like this,
Dr. Dave Chatterjee:which has a lot of promises a lot of potential, how do you
Dr. Dave Chatterjee:convince a potential buyer or potential customer to give it a
Dr. Dave Chatterjee:shot? What does it take? What have you experienced when you
Dr. Dave Chatterjee:have engaged with prospective customers? What are their
Dr. Dave Chatterjee:concerns when they're evaluating such platforms?
Doron Hendler:So one of the main concern is the variety of
Doron Hendler:new applications and legacy applications that security
Doron Hendler:executives needs to protect and write basically, business rules.
Doron Hendler:And, and they don't have the capability, the manpower, the
Doron Hendler:time to develop these across so many different applications. And
Doron Hendler:every other week, or day or month, you have more and more
Doron Hendler:applications, SaaS applications coming in, then you collect all
Doron Hendler:the logs and into a central repository, and you need to do
Doron Hendler:something with it. All right, rather than just collecting the
Doron Hendler:logs. So for us, it's not convincing. This is a need and
Doron Hendler:need by many of the security executives to come up with a
Doron Hendler:much more effective way accurate and cost saving in monitoring
Doron Hendler:the application layer, which is kind of there, but the need is
Doron Hendler:there. But the technology is not there yet. And we don't need to
Doron Hendler:convince them because they require something like this,
Doron Hendler:which today, they have to spend a lot of time and effort and
Doron Hendler:sometimes people even when we discuss with them maybe about
Doron Hendler:budgets and space holders they saying in responding to us, we
Doron Hendler:don't need to put a space holder for you guys. And I ask why?
Doron Hendler:Because the cost saving you giving us on professional
Doron Hendler:services that we need to hire third party companies to write
Doron Hendler:all these rules to advise us how to write the rules and patterns,
Doron Hendler:etc. The cost saving is already two or three times higher than
Doron Hendler:the cost of your system. So it's a no brainer in many of the
Doron Hendler:cases.
Dr. Dave Chatterjee:Okay, excellent. I want to reiterate
Dr. Dave Chatterjee:something you just said -- collecting the logs is not good
Dr. Dave Chatterjee:enough, you have to do something with the logs. So true! Promptly
Dr. Dave Chatterjee:analyzing the security logs, and taking the necessary action is
Dr. Dave Chatterjee:centric to maintaining a proactive security posture. So
Dr. Dave Chatterjee:Doran, we are coming to the end of our discussion today. I wish
Dr. Dave Chatterjee:we had more time. But anyhow, I'd like to give you the
Dr. Dave Chatterjee:opportunity to wrap it up for us with some final thoughts and
Dr. Dave Chatterjee:advice.
Doron Hendler:So when you're looking in into the future, in
Doron Hendler:the next few years, you will see more and more basically, that
Doron Hendler:the identities are becoming digital, there are no networks,
Doron Hendler:because it's all about identity access into the applications.
Doron Hendler:There are lots of different technology around access, around
Doron Hendler:identity and access management, but very few around detection of
Doron Hendler:applications. And at the end, what makes your business
Doron Hendler:successful are the people and the applications, the rest are
Doron Hendler:facilitators to make you successful. And if you really
Doron Hendler:want to be protected in making sure that you are fully covered,
Doron Hendler:there is a need for an application detection and
Doron Hendler:response solution layer, which is required today by many of the
Doron Hendler:organization and can provide you the bulletproof for the future.
Dr. Dave Chatterjee:Fabulous. Well, Doron, thank you so much
Dr. Dave Chatterjee:for your time for your insights. I'm sure listeners greatly
Dr. Dave Chatterjee:appreciate it. Thank you.
Doron Hendler:Thank you very much, Dave for hosting me today.
Dr. Dave Chatterjee:A special thanks to Doron Hendler for his
Dr. Dave Chatterjee:time and insights. If you like what you heard, please leave the
Dr. Dave Chatterjee:podcast a rating and share it with your network. Also,
Dr. Dave Chatterjee:subscribe to the show, so you don't miss any new episodes.
Dr. Dave Chatterjee:Thank you for listening, and I'll see you in the next
Dr. Dave Chatterjee:episode.
Introducer:The information contained in this podcast is for
Introducer:general guidance only. The discussants assume no
Introducer:responsibility or liability for any errors or omissions in the
Introducer:content of this podcast. The information contained in this
Introducer:podcast is provided on an as-is basis with no guarantee of
Introducer:completeness, accuracy, usefulness or timeliness. The
Introducer:opinions and recommendations expressed in this podcast are
Introducer:those of the discussants and not of any organization.
